NVD Vulnerability Detail

CVE-2019-3930

Summary	The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint.
Publication Date	May 1, 2019, 6:29 a.m.
Registration Date	Jan. 26, 2021, 11:42 a.m.
Last Update	Nov. 21, 2024, 1:42 p.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:::::::*
execution environment
1	cpe:2.3:h:crestron:am-100:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:::::::*
execution environment
1	cpe:2.3:h:crestron:am-101:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:barco:wepresent_wipg-1000p_firmware:2.3.0.10:::::::*
execution environment
1	cpe:2.3:h:barco:wepresent_wipg-1000p:-:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:barco:wepresent_wipg-1600w_firmware::::::::					2.4.1.19
execution environment
1	cpe:2.3:h:barco:wepresent_wipg-1600w:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:extron:sharelink_200_firmware:2.0.3.4:::::::*
execution environment
1	cpe:2.3:h:extron:sharelink_200:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:extron:sharelink_250_firmware:2.0.3.4:::::::*
execution environment
1	cpe:2.3:h:extron:sharelink_250:-:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:o:teqavit:wips710_firmware:1.1.0.7:::::::*
execution environment
1	cpe:2.3:h:teqavit:wips710:-:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:o:sharp:pn-l703wa_firmware:1.4.2.3:::::::*
execution environment
1	cpe:2.3:h:sharp:pn-l703wa:-:::::::*

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:optoma:wps-pro_firmware:1.0.0.5:::::::*
execution environment
1	cpe:2.3:h:optoma:wps-pro:-:::::::*

Configuration10		or higher	or less	more than	less than
cpe:2.3:o:blackbox:hd_wireless_presentation_system_firmware:1.0.0.5:::::::*
execution environment
1	cpe:2.3:h:blackbox:hd_wireless_presentation_system:-:::::::*

Configuration11		or higher	or less	more than	less than
cpe:2.3:o:infocus:liteshow3_firmware:1.0.16:::::::*
execution environment
1	cpe:2.3:h:infocus:liteshow3:-:::::::*

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:infocus:liteshow4_firmware:2.0.0.7:::::::*
execution environment
1	cpe:2.3:h:infocus:liteshow4:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.tenable.com/security/research/tra-2019-20		Exploit Third Party Advisory
2	https://www.tenable.com/security/research/tra-2019-20		Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

Crestron AM-100 ファームウェアなどの製品におけるバッファエラーの脆弱性

Title	Crestron AM-100 ファームウェアなどの製品におけるバッファエラーの脆弱性
Summary	Crestron AM-100 ファームウェアなどの製品には、バッファエラーの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 30, 2019, midnight
Registration Date	May 27, 2019, 1:54 p.m.
Last Update	May 27, 2019, 1:54 p.m.

Affected System

シャープ株式会社

PN-L703WA ファームウェア 1.4.2.3

InFocus Corporation

LiteShow3 ファームウェア 1.0.16

LiteShow4 ファームウェア 2.0.0.7

Black Box Network Services.

HD Wireless Presentation System ファームウェア 1.0.0.5

Crestron Electronics, Inc.

AirMedia AM-100 ファームウェア 1.6.0.2

AirMedia AM-101 ファームウェア 2.7.0.1

Barco

wePresent WiPG-1000P ファームウェア 2.3.0.10

wePresent WiPG-1600W ファームウェア 2.4.1.19 未満

Extron

Extron ShareLink 200 ファームウェア 2.0.3.4

Extron ShareLink 250 ファームウェア 2.0.3.4

Teq AVIT

WiPS710 ファームウェア 1.1.0.7

Optoma

WPS-Pro ファームウェア 1.0.0.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-3930	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3930
National Vulnerability Database (NVD)
2	CVE-2019-3930	https://nvd.nist.gov/vuln/detail/CVE-2019-3930

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Barco
1	wePresent WiPG-1000	https://www.barco.com/en/product/wepresent-wipg-1000
2	wePresent WiPG-1600W	https://www.barco.com/en/product/wepresent-wipg-1600w
Black Box Network Services.
3	Top Page	https://www.blackbox.com/en-us
Crestron Electronics
4	AM-100	https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-100
5	AM-101	https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-101
Extron
6	Top Page	https://www.extron.com/
InFocus
7	Top Page	https://www.infocus.com/
Optoma
8	WPS Pro	https://www.optoma.com/us/product/wps-pro/
Teq AVIT
9	Top Page	https://www.teq-avit.com/
シャープ株式会社
10	PN-L703WA	https://jp.sharp/business/bigpad/lineup/pnl703wa/

その他

No	Name	URL
関連文書
1	OEM Presentation Platform Vulnerabilities	https://www.tenable.com/security/research/tra-2019-20

Change Log

No	Changed Details	Date of change
1	[2019年05月27日] 掲載	May 27, 2019, 1:54 p.m.